package com.code.springsecurityoauth.config;

import com.code.springsecurityoauth.security.MyAuthenctiationFailureHandler;
import com.code.springsecurityoauth.security.MyAuthenticationSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private MyAuthenticationSuccessHandler myAuthenticationSuccessHandler;
    @Autowired
    private MyAuthenctiationFailureHandler myAuthenctiationFailureHandler;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .loginPage("/signIn.html")
                .loginProcessingUrl("/authentication/form") // 那么前端请求到/authentication/form会自动走security的认证逻辑
                .successHandler(myAuthenticationSuccessHandler)
                .failureHandler(myAuthenctiationFailureHandler)
                .and()
                    .authorizeRequests()
                    .antMatchers(
                            "/signIn.html"
                    )
                    .permitAll()
                    .anyRequest()
                    .authenticated()
                .and()
                .csrf().disable();
    }
}
